[dns-operations] "Poorly configured DNSSEC servers at root of DDoS attacks"

[Daniel Kalchev]

> On 2.09.2016 г., at 15:38, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> 
> On Fri, Sep 02, 2016 at 01:33:08PM +0100,
> Tony Finch <dot at dotat.at> wrote 
> a message of 33 lines which said:
> 
>> Dropping responses is likely to cause problems with legitimate ANY
>> queries.
> 
> And it may help poisoning attacks (the spoofer no longer has a race
> with the real server).

Which is why people go to the trouble of deploying DNSSEC.

Daniel